Bug 1805091
| Summary: | After replacing openshift-ingress certificate not able to access jenkins | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | mmariyan |
| Component: | Jenkins | Assignee: | Vibhav Bobade <vbobade> |
| Status: | CLOSED DUPLICATE | QA Contact: | XiuJuan Wang <xiuwang> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.3.z | CC: | abenaiss, aos-bugs, pbhattac, vbobade |
| Target Milestone: | --- | ||
| Target Release: | 4.5.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-03-18 22:28:09 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
mmariyan
2020-02-20 08:44:22 UTC
Hello mmariyan, Can you confirm that this bug is the same as https://bugzilla.redhat.com/show_bug.cgi?id=1804345 If so, we can mark this as a clone and track it in one single place. Hello mmariyan,
Currently Jenkins does not support customCA explicitly, but to make it easier I am working on a feature for the Login Plugin it should make things easier.
Please consider the blow as a workaround.
The new feature should be able to add the certificate directly to the default JVM TrustStore.
1> Get the default keyStore.
oc rsync jenkins-1-8zbx2:/etc/pki/java ./custom-java
2> Add certificate to keystore
sudo keytool -keystore ./custom-java/cacerts -import -alias custom-ingress -file ./example.crt
3> Create a ConfigMap from the custom keystore
oc create configmap jenkins-custom-keystore --from-file=./custom-java/cacerts
4> Edit DeploymentConfig for using the custom Keystore with the following changes.
spec:
template:
spec:
containers:
- env:
- name: JAVA_TOOL_OPTIONS
value: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true -Djavax.net.ssl.trustStore=/etc/pki/java/cacerts"
volumeMounts:
- mountPath: /etc/pki/java/cacerts
name: jenkins-custom-keystore
volumes:
- name: jenkins-custom-keystore
configMap:
name: jenkins-custom-keystore
Hope this helps,
Regards
*** This bug has been marked as a duplicate of bug 1804345 *** The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |